Provide two different examples of social engineering and describe how they can be used to obtain sensitive data.

Sure, here are two examples of social engineering:

1. Phishing: This is one of the most common forms of social engineering. In a phishing attack, the attacker impersonates a legitimate organization or person in an email or other communication. The message typically contains a link to a fake website where the victim is tricked into entering their personal information, such as usernames, passwords, and credit card details. For example, you might receive an email that appears to be from your bank, asking you to log in to your account to verify your details. If you click on the link in the email, you'll be taken to a website that looks like your bank's website but is actually a fake site controlled by the attacker.

2. Pretexting: This is another form of social engineering where the attacker creates a good pretext, or a fabricated scenario, that they use to try and steal their victim's personal information. In this case, the attacker usually pretends to need certain bits of information from their victim in order to confirm their identity. For example, an attacker might call someone, pretending to be from the IT department of their company, and ask for their login details to 'fix' a problem with their account.

Both of these methods rely on manipulating trust and exploiting human nature to get victims to reveal sensitive information.